Sunday, November 23, 2008

Trojan.AgentMB.JIXQ513316 aka FUvirus.exe

reposted and expanded from a yahoo! answers post earlier:

apparently this a new virus and the infection is spreading. there are more of us out there and we are all frustrated by the lack of information and panicked by the havoc it's creating. since i got hit a couple of days ago, i'm still searching for a cure to put an end to this madness, while burning my uninfected files to dvd in case there is no hope left. thank god for security task manager that's enabled me to at least keep my computer from totally dying while i save my files. if i had the money, i'd buy the thing to keep me sane beyond the 30-day trial period.

anyway, some things that might be find useful for others out there while the computer doctors race for a cure to this disease. my band-aid solution while waiting for major surgery.

1. first up, the virus is called Trojan.AgentMB.JIXQ513316. it's also called the FUvirus.exe (Welcome to Fu Virus!)

2. it's lodges in the system32 folder and it is programmed to stay hidden. it pretends to be a legitimate process so other antiviruses cannot/have difficulty sensing it.

3.deleting it and putting it in the trash bin won't work as it will tell you it's a running process..i only found out where it was when i downloaded the trial version of security task manager. it helped stem the havoc it was creating as this program was able to detect hidden processes and gave me the option to quarantine it. i would suggest you download it here. security task manager will show you the FUvirus process running, and let you quarantine it when it pops up. should you delete the process from quarantine, be warned that it will stem the tide but not totally eradicate it as it will have infected other drives or folders as it happened to me. do not panic if you can't find files....go on to the next item.

4. it impersonates all the folders it can get its hands on, attaches a .exe to make them into application folders. don't be fooled!!! your files are still there, the virus just hides them as system files so you can't see them if your folder options hides these kinds of folders. just go to folder options and uncheck the hide system folders option. your files will then be visible as semi-transparent system folders.

5. then i suggest you install bitdefender as it was the one that identified it as Trojan.AgentMB.JIXQ513316. bitdefender recognizes this virus and blocks it no matter what signature/path or name it uses while letting you access all your files, even ones whose folders are still infected.

6. this jumps from port to port via USB so don't use any for the moment. burning files to dvd works. just don't burn the .exe infections...be sure you are NOT burning the files that have .exe's where there aren't supposed to be.

as of now, i posted this in the bitdefender forum and am just waiting for a reply. i will post as soon as i get the right cure :) hang in there, everyone.

***

another way is for a system restore to an earlier date, as AJ said. but i haven't tried it yet. still burning my files as of now, just in case something goes wrong and all my files get blipped out of existence.

***

don't use your infected usb or let anyone else use it. when you're able to find a cure, clean your pc first then attach your USB to be cleaned.

***

or reformat. but don't use your infected usb because it will reinfect your comptuer.

:) whew! hope this helps. goodluck to us!


Lilypie Breastfeeding Ticker

2 comments:

lyer mendoza said...

use combofix together with security task manager to get rid of this virus

jet said...

AVIRA ANTTIVIR and F-Secure CAN HELP YOU..

porestarazon5142@gmail.com